package com.dnapipeline.modelManage.config;

import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable() // 如果你不需要CSRF保护，可以禁用
            .authorizeRequests()
            .antMatchers(HttpMethod.DELETE, "/v1/**").permitAll() // 允许DELETE
            .antMatchers(HttpMethod.GET, "/v1/**").permitAll() // 允许DELETE方法
            .antMatchers(HttpMethod.POST, "/v1/**").permitAll() // 允许POST方法
            .antMatchers(HttpMethod.PUT, "/v1/**").permitAll() // 允许PUT方法
            .anyRequest().authenticated();
    }
}